{"result": {"cve": [{"id": "CVE-2007-1678", "type": "cve", "title": "CVE-2007-1678", "description": "Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler.", "published": "2007-03-26T19:19:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1678", "cvelist": ["CVE-2007-1678"], "lastseen": "2017-07-29T11:21:56"}], "osvdb": [{"id": "OSVDB:33522", "type": "osvdb", "title": "Fizzle Extension for Firefox Feed Data XSS", "description": "## Vulnerability Description\nThe Fizzle add-on for Mozilla Firefox contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate RSS feed data upon converting HTML entity code back into ASCII equivalents. This could allow a user to create a specially crafted feed that would execute untrusted code in a user's browser within a trusted context of the browser, leading to a loss of integrity.\n## Technical Description\nMozilla has removed the add-on page for this extension, however Google cache shows that the author of the extension had posted a notice verifying the vulnerability.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): \n- Do not subscribe to untrusted XML feeds\n- Disallow HTML within an XML feed if the option is present.\n## Short Description\nThe Fizzle add-on for Mozilla Firefox contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate RSS feed data upon converting HTML entity code back into ASCII equivalents. This could allow a user to create a specially crafted feed that would execute untrusted code in a user's browser within a trusted context of the browser, leading to a loss of integrity.\n## References:\nVendor URL: https://addons.mozilla.org/firefox/1307/\n[Secunia Advisory ID:24654](https://secuniaresearch.flexerasoftware.com/advisories/24654/)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0369.html\nKeyword: RSS\nISS X-Force ID: 33227\nFrSIRT Advisory: ADV-2007-1112\n[CVE-2007-1678](https://vulners.com/cve/CVE-2007-1678)\nBugtraq ID: 23144\n", "published": "2007-03-24T10:04:21", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:33522", "cvelist": ["CVE-2007-1678"], "lastseen": "2017-04-28T13:20:29"}]}}